Steer Clear of this Skype Spam

Over the last few weeks, there’s been a spam campaign taking place on Skype which involves the following steps:

Scammers use an automated technique to break old / weak Skype passwords (this has been contested by Skype users in that forum thread).

They then use these accounts to send spam messages to contacts.

The spam frequently hides the “real” destination by providing (say) a Baidu search engine link instead – along with the Skype Username of the person who clicked the link in the URL.

The websites the encoded URLs lead to tend to use redirects – it’s possible they’ve been compromised – before dumping the end-user on a diet spam page.

Here’s an example of the spam currently going around:

“Hi [username] | baidu(dot)com/[URL string] advise”

Spammers will often send messages containing shortened URLs – like Bit.ly – to disguise their bad intentions. Some search engines like baidu encode their search URLs (go to Baidu.com, search for something and then right click / view link for examples). Spammers take advantage of this, masking the link to the target website with what the victim will see in the chat spam as a legitimate, trusted URL.

Below you can see the initial landing page, the final destination and a screenshot of a Fiddler log:

This slideshow requires JavaScript.

If your Skype password is in need of a spring clean, now might be the perfect time to do it – feel free to check out the list of hints and tips on the Skype Security page.

November 8, 2016 - Recently, we have noticed that pharma sites seem to have discovered the use of JavaScript to change the “Stay or Leave” messages that you see, when you try to close or leave their sites.